Tresorit takes on PRISM-provoked worries with encrypted cloud storage

As European businesses sort out the ramifications of the NSA PRISM data collection controversy, it’s probably not a bad time to be a European startup specializing in secure cloud storage. And that’s what Tresorit is doing.

Tresorit CEO Istvàn Lam

Advertisement

The Budapest-based startup, one of our Structure:Europe Launchpad finalists, was founded by star computer engineering grads of the Budapest University of Technology and Economics. It started building its secure cloud storage service with Java on Amazon(s amzn) Web Services, but decided its developers’ time was better spent brewing its secret sauce, not configuring servers and turning knobs, so they moved to Microsoft(s msft) Windows Azure platform as a service. (It didn’t hurt that Microsoft offered a year’s worth of free Azure.)

Still, given PRISM-generated concerns about use of U.S.-company owned clouds, my first question to CEO Istvàn Lam, was “why Azure?” It is, after all American owned, and we all know now that American companies, regardless of where their data centers reside, can and do turn over customer data when mandated to do so by U.S. Law.

His response: Tresorit applies AES-256 client-side encryption to files while they’re still local and then uploads them to Azure. Then there are additional layers of security, but the key takeaway is the encryption key never leaves the user — neither Tresorit or Microsoft has it, so neither can “see” the customer’s stuff, said Lam, who studied cryptography in school. Presumably, the NSA can’t either.

Tresorit was even willing to bet on that security, offering $10,000 to anyone who could penetrate its defenses. It set up a test bed for this challenge — populated with virtual (fake) user data and offered all takers admin rights to take go for it. That challenge was issued in April when the service went to public beta and to date no one has claimed the prize.

Founded in 2012 — before Lam even graduated — the company has grown like a weed to 27 employees, 14 of whom are very recent hires. The target market is small and mid-sized companies but Lam has his eye on the enterprise as well. Competitors in this arena include Spideroak and Zurich-based Wuala.

Here’s the thing: even without government data collection worries, everyday business people are much more concerned about the security and privacy of their data. A vendor that can offer them an easy to use way to lock up that information and transport it to a cloud has a huge market opportunity ahead. Tresorit has the cryptography talent to make a go of it, and that’s why it was selected as one of GigaOM’s ten Launchpad finalists — out of nearly 90 candidates. Join us London at Structure: Europe September 18 and 19 to check it out.

Another competitor is Lockbox (www.lock-box.com) who is also taking on PRISM (http://it.slashdot.org/story/13/09/01/030233/lockbox-aims-to-nsa-proof-the-cloud). Though it seems Lockbox has taken the end-to-end encryption even further with everything client-side including key rolling, X.509 certificates and digital signatures. This means that Lockbox has no reliance on the storage provider and so you can store your ciphertext on any S3 server anywhere in the world.

Unfortunate that the name “Tresorit” is (very nearly) an anagram of “Terrorist”, which is how I read it when scanning my headlines in RSS. Sadly, this is a “me too” story about yet another “me too” product.